Your Tax Deadlines for May 2021

  • 7 May – Monthly Pay-As-You-Earn (PAYE) submissions and payments
  • 25 May – Value-Added Tax (VAT) manual submissions and payments
  • 28 May – Excise Duty payments
  • 31 May – Value-Added Tax (VAT) electronic submissions and payments
  • 31 May – Corporate Income Tax (CIT) Provisional Tax Payments where applicable

A Basic Guide to PAYE and Four Common Mistakes

“The point to remember is that what the government gives it must first take away” (John S. Coleman)

 

If it weren’t for the PAYE system, which forces employees to pay taxes as they earn their money, each of us would be liable for a lump sum payment of between 18% and 45% of our total monthly earnings at the end of each tax year. Pay As You Earn (PAYE) requires that employers deduct money from their employees’ earnings as they earn it, and pay this money over to SARS on the employees’ behalf.

The Basics

To calculate PAYE an employer should multiply an employee’s taxable earnings (which include any fringe benefits such as Disability Benefit Contributions etc.) by 52 weeks, 26 weeks or 12 months (depending on how often they get paid) to get an annual amount. This annual sum is then cross-referenced against the SARS tax tables to calculate annual tax. This is then divided again by the same work period to get the monthly PAYE tax which is then withheld, displayed on your IRP5 and paid over to SARS.

Example

  1. Regular monthly income = R10,000.
  2. Annual equivalent = R10,000 x 12 = R120,000.
  3. Tax calculated on R120,000 as per tax tables = R5,886.
  4. PAYE payable on regular monthly income = R5,886/12 = R490.50 p.m.

In cases where an employer pays certain things like medical aid, pension fund, income protection and/or retirement annuity fund contributions on an employee’s behalf, the employer must deduct these costs from the employee’s earnings and take these deductions/credits into account when calculating PAYE and making payment to SARS. This is where problems begin to creep into the system.

Four Common Problems

  1. Travel Costs

    Travel costs are a common area of concern for SARS as they can be miscalculated extremely easily. To determine the portion of the travel allowance that should be included in an employee’s taxable income for PAYE purposes, the employer is required to implement an 80/20 rule. Either 80% of the employee’s mileage is for business purposes, and the remaining 20% of the allowance is subject to tax, or only 20% of their travel is business related, and the remaining 80% of the allowance must be taxed. To determine the percentage to be included in taxable income, employees must provide accurate logbooks so that the appropriate 80/20 rule can be strictly adhered to.
    Choosing the wrong rate here can expose an employee to substantially more tax than they should be paying.

  2. Disability Benefit Contributions

    Prior to 1 March 2015 Disability Benefit Contributions could be deducted tax free from an employee’s salary thereby reducing their PAYE contribution. Tax was then charged on the pay-out that the employee received in the event of a disability. This changed in March of that year, however, and now the Disability Benefit Contributions are no longer tax deductible and must be counted as being part of the employee’s fringe benefits. The final Disability pay-outs are, fortunately, tax free.

  3. Retirement payments

    Retirement payments give rise to another common error in the calculation of PAYE, mainly due to the fact that people are unaware that the system changed, and they are still implementing the old system. As of 1 March 2016, SARS now considers all company contributions to an employee’s retirement and risk benefits as a fringe benefit which should be taxed.

    There are, however, instances in which a pension fund contribution may be tax deductible. This depends primarily on whether the pension fund is “approved” or “unapproved”. Whether a retirement benefit is “approved” or “unapproved” is determined by the way its associated fund is administered as well as the rules of the fund. The broker who administers the fund will be able to tell you whether it is approved or unapproved and it will then be easier to work out just how to treat those deductions for PAYE.

  4. Partial tax year

    Because PAYE is calculated on projected annual earnings, employees who work only part of a year are liable to benefit from a rebate. Effectively, a person earning R30 000 a month would pay monthly PAYE based on annual earnings of R360 000. If they only work for six months of that tax year, they should have been taxed on annual earnings of only R180 000 and will be deserving of a rebate for the six months where they paid too much.

Speak to your accountant for detailed advice. 

POPIA and Your Business: A Practical 5-Step Action Plan to Implement Now

“By failing to prepare you are preparing to fail” (Benjamin Franklin)

The media is awash with warnings about the dangers of not complying with POPIA (the Protection of Personal Information Act) by 1 July 2021, and indeed the risks of non-compliance are substantial.

The clock is ticking… If anyone in your business needs to be motivated to take this seriously, refer them to the Countdown Clock on the Information Regulator’s website.

Although you still have until the end of June 2021 to become fully compliant, there are major benefits to understanding POPIA and starting the compliance process now – before it becomes compulsory. The penalties for getting it wrong are sizeable, “preparation makes perfect”, you are giving yourself time to get it right, and for many businesses there is also good marketing potential in being able to tell your customers and clients that you are already addressing the situation.

Five practical steps to start with…

Before we start on your action plan, get to grips with the fact that you will almost certainly have to comply fully with POPIA. As soon as you in any way “process” (collect, use, manage, store, share, destroy and the like) any personal information relating to a “data subject” (customers, members, employees and so on), you are a “responsible party”. Very few businesses will fall outside that net. Equally you are unlikely to fall under exemptions like that applying to information processed “in the course of a purely personal or household activity”. Get going with these steps –

  1. Information Officer: Identify an “Information Officer” who will be responsible (and liable) for all compliance duties, working with the Regulator, establishing procedures, and training your team in awareness and compliance. You are automatically your business’ Information Officer if you are its “Head” i.e. a sole trader, any partner in a partnership, or (in respect of a “juristic person” such as a company) the CEO, MD or “equivalent officer”. You, your partnership or your company can “duly authorise” another person in the business (management level or above) to act as Information Officer and you can designate one or more employees (again management level or above) as “Deputy Information Officers”. You will need to register both Information Officers and Deputy Information Officers with the Regulator, which (at date of writing) says on its website that it is experiencing a technical glitch with its online registration portal but is working to resolve the issue – otherwise download the manual Registration Form here.
  2. Assess what personal information you hold, how you hold it, and why: Figure out what personal information you currently hold, how you hold it, and why you hold it. To collect and “process” such information lawfully you need to be able to show that you are acting lawfully, in a reasonable manner that doesn’t infringe the data subject’s privacy, and safely.

    You must show that “given the purpose for which it is processed, it is adequate, relevant and not excessive”. Data can only be collected for a specific purpose related to your business activities and can only be retained so long as you legitimately need to or are allowed to keep it.

    There’s a lot more detail in POPIA, but you get the picture – you cannot collect or hold personal information without good and lawful cause.

  3. Check security measures, know what to do about breaches: You must “secure the integrity and confidentiality of personal information in [your] possession or under [your] control by taking appropriate, reasonable technical and organisational measures to prevent … loss of, damage to or unauthorised destruction of personal information … and unlawful access to or processing of personal information.” You are going to have big problems if there is any form of breach from a risk that is “reasonably foreseeable” unless you can prove that you took steps to “establish and maintain appropriate safeguards” against those risks. Bear in mind that whilst cyber-attacks tend to get the most media time, there are also other risks out there – brainstorm with your team all possible vulnerabilities and patch them.

    Any actual or suspected breaches (called “security compromises” in POPIA) must be reported “as soon as reasonably possible” to both the Information Regulator and the data subject/s involved.

    If third parties (“operators”) hold or process any personal information for you, they must act with your authority, treat the information as confidential, and have in place all the above security measures.

  4. Check if you do any direct marketing: Most businesses don’t think of themselves as doing any “direct marketing”, but the definition is wide and includes “any approach” to a data subject “for the direct or indirect purpose of … promoting or offering to supply, in the ordinary course of business, any goods or services to the data subject…”. So for example just emailing or WhatsApping your customers about a new product or a special offer will put you firmly into that net.

    If your approach is by means of “any form of electronic communication, including automatic calling machines, facsimile machines, SMSs or e-mail”, you must observe strict limits. Whilst you can as a general proposition market to existing customers in respect of “similar products or services” (there are limits and recipients must be able to “opt-out” at any stage), potential new customers can only be marketed to with their consent, i.e. on an “opt-in” basis.

  5. Get a start on procedures and training: Cover how you will collect the data, process it, store it, for how long, for what purpose/s and so on. What consent forms do you need and when/how are they to be completed and stored?

    You are much less likely to have a POPIA problem if everyone in your business (and most importantly you!) understands what your procedures are and implements them as a matter of course. Make sure that no functions “fall between two stools” – assign individual compliance tasks to named staff members and make sure everyone understands who is to do what.

This is a complex topic and there is no substitute for tailored professional advice. What is set out above is of necessity no more than a simplified summary of a few practical highlights.